Bug 12757 - idmap_rfc2307: Lookup of more than two SIDs fails
Summary: idmap_rfc2307: Lookup of more than two SIDs fails
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Winbind (show other bugs)
Version: 4.6.3
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
Depends on:
Reported: 2017-04-26 21:02 UTC by Christof Schmitt
Modified: 2017-05-19 07:20 UTC (History)
2 users (show)

See Also:

Patches for 4.5 (20.50 KB, patch)
2017-05-10 23:00 UTC, Christof Schmitt
cs: review+
vl: review+
Patches for 4.6 (20.50 KB, patch)
2017-05-10 23:14 UTC, Christof Schmitt
cs: review+
vl: review+

Note You need to log in before you can comment on or make changes to this bug.
Description Christof Schmitt 2017-04-26 21:02:07 UTC
There's a defect in idmap_rfc2307 when more than two SIDs need to be converted to unix ids. So with an empty  gencache (net cache flush) doing a wbinfo -r on a user (i.e. the essence of "id") after a successful SMB login will only show the first two GIDs correctly. After the negative idmap cache timeout another wbinfo -r will add two more GIDs and  so on. This will then work fine until the normal idmap cache timeout flushes the successful entries again. So after n/2 tries (n being the number of groups a user is member of) it will work fine for a week.
Comment 1 Christof Schmitt 2017-05-10 23:00:04 UTC
Created attachment 13208 [details]
Patches for 4.5
Comment 2 Christof Schmitt 2017-05-10 23:14:25 UTC
Created attachment 13209 [details]
Patches for 4.6
Comment 3 Karolin Seeger 2017-05-12 06:52:23 UTC
Pushed to autobuild-v4-{6,5}-test.
Comment 4 Karolin Seeger 2017-05-19 07:20:00 UTC
(In reply to Karolin Seeger from comment #3)
Pushed to both branches.
Closing out bug report.